Every interaction is a product of the protected agent and some other agent, yes? Every potential interaction represented by an edge – attack surface an isolating graph cut in this graph?
Either way, the graph view is just a first bid for something geometric-flavored.
Yah. I'm trying to work out how you characterise "interaction that shouldn't have happened, but did."
The attack surface is a subset of the "possible interaction surface" which also contains the "acceptable interaction surface". In the graph framework they are all cuts. When adding features the graph becomes more dense; what can be said about |AS|/|PIS| and |AIS|/|PIS| growth?
I think captures one of the things me and were bouncing on here: I'm talking about an abstract graph of «all possible interactions», not just «all foreseen interactions»…
Not practical in terms of defense, but maybe in terms of first definitions?
I'm just going to be a broken record and point out that if you have a grammar of the language in which agents communicate, and a state machine characterising state transitions on accepted messages, there's your acceptable interaction surface cut
(some assembly required)
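Added example (not posted by anyone in this thread, and not from any real protocol): a toy version of the "grammar plus state machine" construction above, run against the |AIS|/|PIS| question raised earlier. The message kinds, regexes, states and transitions are all constructed for illustration. The grammar decides whether a single message is in the language at all; the state machine decides whether a sequence of accepted messages is a path the protocol allows. Traces that pass both are the acceptable interaction surface; the enumeration at the end counts, over all kind sequences up to a fixed length, how many land in a final state, before and after one feature (a PUT edge) is added.

```python
import re
from itertools import product

# Constructed toy protocol: the "grammar" is one regex per message kind.
# (Example assumptions; none of this comes from the thread.)
GRAMMAR = {
    "HELLO": re.compile(r"^HELLO$"),
    "AUTH":  re.compile(r"^AUTH [A-Za-z0-9]{4,16}$"),
    "GET":   re.compile(r"^GET /[A-Za-z0-9/_.-]*$"),
    "PUT":   re.compile(r"^PUT /[A-Za-z0-9/_.-]* [A-Za-z0-9]*$"),
    "BYE":   re.compile(r"^BYE$"),
}

# State machine over accepted message kinds: (state, kind) -> next state.
START, FINAL = "INIT", {"CLOSED"}
BASE_TRANSITIONS = {
    ("INIT", "HELLO"):   "GREETED",
    ("GREETED", "AUTH"): "AUTHED",
    ("GREETED", "BYE"):  "CLOSED",
    ("AUTHED", "GET"):   "AUTHED",
    ("AUTHED", "BYE"):   "CLOSED",
}
BASE_KINDS = ["HELLO", "AUTH", "GET", "BYE"]

# "Adding a feature": one more message kind and one more edge in the graph.
EXT_TRANSITIONS = {**BASE_TRANSITIONS, ("AUTHED", "PUT"): "AUTHED"}
EXT_KINDS = BASE_KINDS + ["PUT"]


def classify(msg):
    """Parse one message against the grammar; None means it is not in the language."""
    for kind, rx in GRAMMAR.items():
        if rx.match(msg):
            return kind
    return None


def run(kinds, transitions):
    """Drive the state machine over a sequence of message kinds; None if an edge is missing."""
    state = START
    for kind in kinds:
        state = transitions.get((state, kind))
        if state is None:
            return None
    return state


def acceptable(trace, transitions=BASE_TRANSITIONS):
    """True iff every message parses AND the kind sequence is a complete path to a final state."""
    kinds = [classify(m) for m in trace]
    if None in kinds:
        return False
    return run(kinds, transitions) in FINAL


def surface_counts(kinds, transitions, max_len):
    """Return (accepted, total) over all kind sequences of length 1..max_len.

    'total' stands in for |PIS| at the message-kind level, 'accepted' for |AIS|."""
    accepted = total = 0
    for k in range(1, max_len + 1):
        for seq in product(kinds, repeat=k):
            total += 1
            if run(seq, transitions) in FINAL:
                accepted += 1
    return accepted, total


if __name__ == "__main__":
    print(acceptable(["HELLO", "AUTH abcd1234", "GET /index", "BYE"]))  # True
    print(acceptable(["HELLO", "GET /index", "BYE"]))                   # False: GET before AUTH
    print(acceptable(["HELLO", "AUTH ab", "BYE"]))                      # False: token fails grammar
    for label, ks, tr in (("base", BASE_KINDS, BASE_TRANSITIONS),
                          ("ext", EXT_KINDS, EXT_TRANSITIONS)):
        a, t = surface_counts(ks, tr, 4)
        print(f"{label}: |AIS|={a} |PIS|={t} ratio={a / t:.5f}")
```

Two things worth noticing when it runs: a trace fails for either of two independent reasons (a message outside the grammar, or a kind sequence with no edge in the state machine), which is the "some assembly required" part, and adding the PUT edge raises the acceptable count from 3 to 4 while the total grows from 340 to 780, so |AIS|/|PIS| goes down even though the acceptable surface itself got bigger.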
or multiple state machines, I suppose that works too
I suppose it's also time to fire up the signal
There may be ways to characterize the notion of attack surface more formally, but I'm pretty distracted currently by questions of how to defend better. That said, the question of what we've meant by "attack surface" all this time is interesting.
There is the very thing we're defending (usually information or a functionality), but there is also the things that if compromised make the VTWD vulnerable. These TTiCMtVCs have their own things that can make them vulnerable. Attack surface: closure of all these things?
Meanwhile, on a rather smaller scale, looks like some neighbours at Columbia have been enumerating points on the parser differential attack surfaces of SSL/TLS implementations (specifically, *just* hostname verification) cs.columbia.edu/~suman/docs/hv
Oh, interesting. That reminds me of my idea of doing this to parser generators, which I should probably realize some time.
Ooh. I’m just figuring out Klee, all this stuff is wild.